788 research outputs found
A Survey on Modality Characteristics, Performance Evaluation Metrics, and Security for Traditional and Wearable Biometric Systems
Biometric research is directed increasingly towards Wearable Biometric Systems (WBS) for user authentication and identification. However, prior to engaging in WBS research, how their operational dynamics and design considerations differ from those of Traditional Biometric Systems (TBS) must be understood. While the current literature is cognizant of those differences, there is no effective work that summarizes the factors where TBS and WBS differ, namely, their modality characteristics, performance, security and privacy. To bridge the gap, this paper accordingly reviews and compares the key characteristics of modalities, contrasts the metrics used to evaluate system performance, and highlights the divergence in critical vulnerabilities, attacks and defenses for TBS and WBS. It further discusses how these factors affect the design considerations for WBS, the open challenges and future directions of research in these areas. In doing so, the paper provides a big-picture overview of the important avenues of challenges and potential solutions that researchers entering the field should be aware of. Hence, this survey aims to be a starting point for researchers in comprehending the fundamental differences between TBS and WBS before understanding the core challenges associated with WBS and its design
ECG Biometric Authentication: A Comparative Analysis
Robust authentication and identification methods become an indispensable urgent task to protect the integrity of the devices and the sensitive data. Passwords have provided access control and authentication, but have shown their inherent vulnerabilities. The speed and convenience factor are what makes biometrics the ideal authentication solution as they could have a low probability of circumvention. To overcome the limitations of the traditional biometric systems, electrocardiogram (ECG) has received the most attention from the biometrics community due to the highly individualized nature of the ECG signals and the fact that they are ubiquitous and difficult to counterfeit. However, one of the main challenges in ECG-based biometric development is the lack of large ECG databases. In this paper, we contribute to creating a new large gallery off-the-person ECG datasets that can provide new opportunities for the ECG biometric research community. We explore the impact of filtering type, segmentation, feature extraction, and health status on ECG biometric by using the evaluation metrics. Our results have shown that our ECG biometric authentication outperforms existing methods lacking the ability to efficiently extract features, filtering, segmentation, and matching. This is evident by obtaining 100% accuracy for PTB, MIT-BHI, CEBSDB, CYBHI, ECG-ID, and in-house ECG-BG database in spite of noisy, unhealthy ECG signals while performing five-fold cross-validation. In addition, an average of 2.11% EER among 1,694 subjects is obtained
ECG Biometric Recognition: Review, System Proposal, and Benchmark Evaluation
Electrocardiograms (ECGs) have shown unique patterns to distinguish between
different subjects and present important advantages compared to other biometric
traits, such as difficulty to counterfeit, liveness detection, and ubiquity.
Also, with the success of Deep Learning technologies, ECG biometric recognition
has received increasing interest in recent years. However, it is not easy to
evaluate the improvements of novel ECG proposed methods, mainly due to the lack
of public data and standard experimental protocols. In this study, we perform
extensive analysis and comparison of different scenarios in ECG biometric
recognition. Both verification and identification tasks are investigated, as
well as single- and multi-session scenarios. Finally, we also perform single-
and multi-lead ECG experiments, considering traditional scenarios using
electrodes in the chest and limbs and current user-friendly wearable devices.
In addition, we present ECGXtractor, a robust Deep Learning technology
trained with an in-house large-scale database and able to operate successfully
across various scenarios and multiple databases. We introduce our proposed
feature extractor, trained with multiple sinus-rhythm heartbeats belonging to
55,967 subjects, and provide a general public benchmark evaluation with
detailed experimental protocol. We evaluate the system performance over four
different databases: i) our in-house database, ii) PTB, iii) ECG-ID, and iv)
CYBHi. With the widely used PTB database, we achieve Equal Error Rates of 0.14%
and 2.06% in verification, and accuracies of 100% and 96.46% in identification,
respectively in single- and multi-session analysis. We release the source code,
experimental protocol details, and pre-trained models in GitHub to advance in
the field.
Comment: 11 pages, 4 figure
Multi-Factor Authentication: A Survey
Today, digitalization decisively penetrates all the sides of the modern society. One of the key enablers to maintain this process secure is authentication. It covers many different areas of a hyper-connected world, including online payments, communications, access right management, etc. This work sheds light on the evolution of authentication systems towards Multi-Factor Authentication (MFA) starting from Single-Factor Authentication (SFA) and through Two-Factor Authentication (2FA). Particularly, MFA is expected to be utilized for human-to-everything interactions by enabling fast, user-friendly, and reliable authentication when accessing a service. This paper surveys the already available and emerging sensors (factor providers) that allow for authenticating a user with the system directly or by involving the cloud. The corresponding challenges from the user as well as the service provider perspective are also reviewed. The MFA system based on reversed Lagrange polynomial within Shamir’s Secret Sharing (SSS) scheme is further proposed to enable more flexible authentication. This solution covers the cases of authenticating the user even if some of the factors are mismatched or absent. Our framework allows for qualifying the missing factors by authenticating the user without disclosing sensitive biometric data to the verification entity. Finally, a vision of the future trends in MFA is discussed. Peer reviewe
Seamless Multimodal Biometrics for Continuous Personalised Wellbeing Monitoring
Artificially intelligent perception is increasingly present in the lives of
every one of us. Vehicles are no exception, (...) In the near future, pattern
recognition will have an even stronger role in vehicles, as self-driving cars
will require automated ways to understand what is happening around (and within)
them and act accordingly. (...) This doctoral work focused on advancing
in-vehicle sensing through the research of novel computer vision and pattern
recognition methodologies for both biometrics and wellbeing monitoring. The
main focus has been on electrocardiogram (ECG) biometrics, a trait well-known
for its potential for seamless driver monitoring. Major efforts were devoted to
achieving improved performance in identification and identity verification in
off-the-person scenarios, well-known for increased noise and variability. Here,
end-to-end deep learning ECG biometric solutions were proposed and important
topics were addressed such as cross-database and long-term performance,
waveform relevance through explainability, and interlead conversion. Face
biometrics, a natural complement to the ECG in seamless unconstrained
scenarios, was also studied in this work. The open challenges of masked face
recognition and interpretability in biometrics were tackled in an effort to
evolve towards algorithms that are more transparent, trustworthy, and robust to
significant occlusions. Within the topic of wellbeing monitoring, improved
solutions to multimodal emotion recognition in groups of people and
activity/violence recognition in in-vehicle scenarios were proposed. At last,
we also proposed a novel way to learn template security within end-to-end
models, dismissing additional separate encryption processes, and a
self-supervised learning approach tailored to sequential data, in order to
ensure data security and optimal performance. (...)
Comment: Doctoral thesis presented and approved on the 21st of December 2022
to the University of Port
Towards trustworthy computing on untrustworthy hardware
Historically, hardware was thought to be inherently secure and trusted due to its
obscurity and the isolated nature of its design and manufacturing. In the last two
decades, however, hardware trust and security have emerged as pressing issues.
Modern day hardware is surrounded by threats manifested mainly in undesired
modifications by untrusted parties in its supply chain, unauthorized and pirated
selling, injected faults, and system and microarchitectural level attacks. These threats,
if realized, are expected to push hardware to abnormal and unexpected behaviour
causing real-life damage and significantly undermining our trust in the electronic and
computing systems we use in our daily lives and in safety critical applications. A
large number of detective and preventive countermeasures have been proposed in
literature. It is a fact, however, that our knowledge of potential consequences to
real-life threats to hardware trust is lacking given the limited number of real-life
reports and the plethora of ways in which hardware trust could be undermined. With
this in mind, run-time monitoring of hardware combined with active mitigation of
attacks, referred to as trustworthy computing on untrustworthy hardware, is proposed
as the last line of defence. This last line of defence allows us to face the issue of live
hardware mistrust rather than turning a blind eye to it or being helpless once it occurs.
This thesis proposes three different frameworks towards trustworthy computing
on untrustworthy hardware. The presented frameworks are adaptable to different
applications, independent of the design of the monitored elements, based on
autonomous security elements, and are computationally lightweight. The first
framework is concerned with explicit violations and breaches of trust at run-time,
with an untrustworthy on-chip communication interconnect presented as a potential
offender. The framework is based on the guiding principles of component guarding,
data tagging, and event verification. The second framework targets hardware elements
with inherently variable and unpredictable operational latency and proposes a
machine-learning based characterization of these latencies to infer undesired latency
extensions or denial of service attacks. The framework is implemented on a DDR3
DRAM after showing its vulnerability to obscured latency extension attacks. The
third framework studies the possibility of the deployment of untrustworthy hardware
elements in the analog front end, and the consequent integrity issues that might arise
at the analog-digital boundary of system on chips. The framework uses machine
learning methods and the unique temporal and arithmetic features of signals at this
boundary to monitor their integrity and assess their trust level
Recent Advances in Biometric Technology for Mobile Devices
The prevalent commercial deployment of mobile biometrics as a robust authentication method on mobile devices has fueled increasing scientific attention. Motivated by this, in this work we seek to provide insight on recent development in mobile biometrics. We present parallels and dissimilarities of mobile biometrics and classical biometrics, enumerate related benefits and challenges. Further we provide an overview of recent techniques in mobile biometrics, as well as application systems adopted by industry. Finally, we discuss open research problems in this field
Semi-Automatic Generation of Tests for Assessing Correct Integration of Security Mechanisms in the Internet of Things
Internet of Things (IoT) is expanding at a global level and its influence in our daily lives is
increasing. This fast expansion, with companies competing to be the first to deploy new
IoT systems, has led to the majority of the software being created and produced without
due attention being given to security considerations and without adequate security testing. Software quality and security testing are inextricably linked. The most successful
approach to achieve secure software is to adhere to secure development, deployment, and
maintenance principles and practices throughout the development process. Security testing is a procedure for ensuring that a system keeps the users' data secure and performs as
expected. However, extensively testing a system can be a very daunting task, that usually
requires professionals to be well versed in the subject, so as to be performed correctly.
Moreover, not all development teams can have access to a security expert to perform security testing in their IoT systems. The need to automate security testing emerged as a
potential means to solve this issue.
This dissertation describes the process undertaken to design and develop a module entitled Assessing Correct Integration of Security Mechanisms (ACISM) that aims to provide
system developers with the means to improve system security by anticipating and preventing potential attacks. Using the list of threats that the system is vulnerable to as inputs, this
tool provides developers with a set of security tests and tools that will allow testing how
susceptible the system is to each of those threats. This tool outputs a set of possible attacks
derived from the threats and what tools could be used to simulate these attacks.
The tool developed in this dissertation has the purpose to function as a plugin of a framework called Security Advising Modules (SAM). It has the objective of advising users in the
development of secure IoT, cloud and mobile systems during the design phases of these
systems. SAM is a modular framework composed by a set of modules that advise the user
in different stages of the security engineering process.
To validate the usefulness of the ACISM module in real life, it was tested by 17 computer
science practitioners. The feedback received from these users was very positive. The great
majority of the participants found the tool to be extremely helpful in facilitating the execution of security tests in IoT.
The principal contributions achieved with this dissertation were: the creation of a tool
that outputs a set of attacks and penetration tools to execute the attacks mentioned, all
starting from the threats an IoT system is susceptible to. Each of the identified attacking
tools will be accompanied with a brief instructional guide; all summing up to an extensive
review of the state of the art in testing.
The Internet of Things (IoT) is one of the paradigms with the greatest worldwide expansion at the time of writing of this dissertation, translating into an unavoidable influence on daily life. Companies aim to be the first to deploy new IoT systems as a result of its rapid expansion, which means that most software is created and produced without security considerations or adequate security testing. Software quality and security testing are closely linked. The most successful approach to obtaining secure software is to adhere to secure development, deployment, and maintenance principles and practices throughout the development process. Security testing is a procedure for ensuring that a system protects the user's data and performs as expected.
This dissertation describes the effort spent on the design and development of a tool that, taking into account the threats to which a system is vulnerable, produces a set of tests and identifies a set of security tools to verify the system's susceptibility to them. The aforementioned tool was developed in Python and takes as input a list of threats to which the system is vulnerable. After processing this information, the tool produces a set of attacks derived from the threats and possible tools to be used to simulate those attacks.
To verify the usefulness of the tool in real scenarios, it was tested by 17 people with knowledge in the field of computing. The tool was evaluated very positively by the test subjects. The great majority of participants considered the tool extremely useful for assisting in carrying out security tests in IoT.
The main contributions achieved with this dissertation were: the creation of a tool that, from the threats to which an IoT system is susceptible, will produce a set of attacks and penetration tools to execute the attacks mentioned. Each of the tools will be accompanied by a brief instruction guide; an extensive review of the state of the art in testing.
The work described in this dissertation was carried out at the Instituto de Telecomunicações, Multimedia Signal Processing – Covilhã Laboratory, in Universidade da Beira Interior, at Covilhã, Portugal. This research work was funded by the SECURIoTESIGN Project through FCT/COMPETE/FEDER under Reference Number POCI010145FEDER030657 and by Fundação para Ciência e Tecnologia (FCT) research grant with reference BIL/Nº11/2019B00701